CVE-2008-4319

fileadmin.php in Libra File Manager (aka Libra PHP File Manager) 1.18 and earlier allows remote attackers to bypass authentication, and read arbitrary files, modify arbitrary files, and list arbitrary directories, by inserting certain user and isadmin parameters in the query string.

Weakness

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

Affected Software

Name	Vendor	Start Version	End Version
Php_filemanager	Libra_file_manager	*	1.18 (including)
Php_filemanager	Libra_file_manager	1.00 (including)	1.00 (including)
Php_filemanager	Libra_file_manager	1.03 (including)	1.03 (including)
Php_filemanager	Libra_file_manager	1.05 (including)	1.05 (including)
Php_filemanager	Libra_file_manager	1.08 (including)	1.08 (including)
Php_filemanager	Libra_file_manager	1.17 (including)	1.17 (including)

Potential Mitigations

https://cwe.mitre.org/data/definitions/114.html
https://cwe.mitre.org/data/definitions/115.html
https://cwe.mitre.org/data/definitions/151.html
https://cwe.mitre.org/data/definitions/194.html
https://cwe.mitre.org/data/definitions/22.html
https://cwe.mitre.org/data/definitions/57.html
https://cwe.mitre.org/data/definitions/593.html
https://cwe.mitre.org/data/definitions/633.html
https://cwe.mitre.org/data/definitions/650.html
https://cwe.mitre.org/data/definitions/94.html

References

http://www.securityfocus.com/archive/1/496742
http://www.securityfocus.com/bid/31415
https://exchange.xforce.ibmcloud.com/vulnerabilities/45423
https://www.exploit-db.com/exploits/6567

NVD	https://nvd.nist.gov/vuln/detail/CVE-2008-4319
CWE	https://cwe.mitre.org/data/definitions/287.html

Improper Authentication

Weakness

Affected Software

Potential Mitigations

Related Attack Patterns

References